Qiang Xiong, Yifei Zhu, Zhangying Zeng, Xinqi Yang
Signal Game Analysis between Software Vendors and Third-Party Platforms in Collaborative Disclosure of Network Security Vulnerabilities
Journal: Complexity (volume: 2023 1), Journal Article, published 2023-03-31
DOI: 10.1155/2023/1027215
https://onlinelibrary.wiley.com/doi/10.1155/2023/1027215
Citation count: 0
Abstract
The global network threat is becoming more and more serious, and network security vulnerability management has become one of the critical areas in the national information security emergency system construction. To guide the third-party sharing platforms regarding network security vulnerability management, this work constructs a signal game model comprising third-party vulnerability sharing platforms and software vendors for vulnerability collaborative disclosures. In addition, we analyze the game strategy selection and its influencing factors. The results show that there are two perfect Bayesian equilibria, including separation equilibrium and mixed equilibrium, due to the incomplete lines of information disclosure. The equilibrium state is mainly based on the compression time of the protection period and the existence ratio of the software vendors who develop the patches in the market. This work puts forward some suggestions in terms of the protection period, reputation loss, and relevant laws and regulations.
About the journal:
Complexity is a cross-disciplinary journal focusing on the rapidly expanding science of complex adaptive systems. The purpose of the journal is to advance the science of complexity. Articles may deal with such methodological themes as chaos, genetic algorithms, cellular automata, neural networks, and evolutionary game theory. Papers treating applications in any area of natural science or human endeavor are welcome, and especially encouraged are papers integrating conceptual themes and applications that cross traditional disciplinary boundaries. Complexity is not meant to serve as a forum for speculation and vague analogies between words like “chaos,” “self-organization,” and “emergence” that are often used in completely different ways in science and in daily life.